kunyashaw

One-Click Generator for Project Promo Pages and Long Screenshots

Author: kunyashaw · GitHub ↗ · v0.1.3 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 313
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install project-intro-generator
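Description
Generates a project introduction page in one click, with support for local editing and long-image export.
Security usage recommendations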
This skill appears to implement exactly the advertised features, but it has a concrete security flaw you should consider before installing or running it on sensitive hosts: src/git.js uses execSync(`git clone --depth 1 ${gitUrl} ...`) with the gitUrl interpolated directly into a shell command, which can allow command injection if a malicious git URL is provided.
Recommendations:
- Do not run this skill with access to sensitive files or credentials unless you audit/mitigate the code first.
- If you need git clone support, prefer running it only with trusted repository URLs, or modify the code to use a spawn variant with an args array (no shell) or a safe git library.
- Run the skill in an isolated environment (container, VM) if you will pass untrusted git URLs or project paths.
- Be aware the generated HTML loads html2canvas from jsdelivr; if you edit/open the generated page in a browser, that remote script will run. If your threat model excludes remote scripts, remove/host that dependency locally.
- If you are not comfortable reviewing or patching the code, test the skill on non-sensitive sample projects only.
Functional analysis
Type: OpenClaw Skill
Name: project-intro-generator
Version: 0.1.3
The skill bundle contains a command injection vulnerability in `src/git.js`, where the `gitUrl` parameter is passed directly to `execSync` without sanitization. Additionally, `src/image.js` utilizes `playwright` to render HTML and capture screenshots, which presents a risk of local file disclosure or SSRF if the input paths or URLs are not strictly controlled. While these are high-risk vulnerabilities that could lead to Remote Code Execution (RCE), the extensive logic for project analysis and dependency mapping suggests a legitimate utility rather than intentional malware.
Capability assessment
Purpose & Capability
Name/description match behavior: the code scans local project directories, parses dependencies/README, renders an editable HTML and can export a long PNG via Playwright. Required capabilities (filesystem access, optional git clone, optional playwright) are coherent with the stated purpose.
Instruction Scope
Runtime instructions accept an absolute project path or a git URL and then scan the entire project tree. Scanning local files is necessary for the feature, but the implementation executes shell git clone via child_process.execSync with the user-supplied gitUrl interpolated directly into the command string — this allows command injection if an attacker can control the gitUrl. Also the generated HTML loads html2canvas from jsdelivr (external CDN) which can execute remote JS in the browser/editor context.
Install Mechanism
No platform install spec (instruction-only skill) — lower risk from install scripts. The package.json lists marked and optional playwright; using playwright will require installing it (and its browsers) locally. The public html2canvas loader injects a script from jsdelivr at runtime (remote dependency that could be tampered with); this is expected for screenshot/export functionality but worth noting.
Credentials
The skill requests no environment variables or credentials. It only needs filesystem access and (optionally) network access for git/GitHub and to fetch external resources — these are proportionate to its purpose.
Persistence & Privilege
always:false and no special persistence or cross-skill config modifications. The skill does not request elevated platform privileges in its metadata.
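How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install project-intro-generator
  3. Once installation completes, call the Skill by name or trigger it with /project-intro-generator
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history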
v0.1.3
- Updated version to 0.1.2 in SKILL.md.
- Reformatted and reorganized SKILL.md for improved clarity.
- Moved installation tip and demo video up in the documentation.
- Minor adjustments to formatting and list descriptions in usage and feature sections.
- No code changes detected; documentation only.
v0.1.1
- Added installation hint for ClawHub at the top of the documentation.
- Included a GitHub repository link for easier access to the project source.
- No functional or code changes introduced in this version.
v0.1.0
Initial release of project-intro-generator:
- Generates editable project introduction pages from local directories. Automatically generates a project promo page from the project directory (content and theme can be customized).
- Supports long image (PNG) export from HTML via Playwright. Long screenshots are supported.
- CLI commands for generation and image export (can be operated directly from the CLI).
- Prioritizes README for content, parses common package managers.
- Supports multiple visual themes and project overview statistics. Multiple themes are supported.
Metadata
Slug: project-intro-generator
Version: 0.1.3
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 3
FAQ

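What is One-Click Generator for Project Promo Pages and Long Screenshots?

Generates a project introduction page in one click, with support for local editing and long-image export. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 313 total downloads to date.

How do I install One-Click Generator for Project Promo Pages and Long Screenshots?

Run the command "/install project-intro-generator" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is One-Click Generator for Project Promo Pages and Long Screenshots free?

Yes. One-Click Generator for Project Promo Pages and Long Screenshots is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does One-Click Generator for Project Promo Pages and Long Screenshots support?

One-Click Generator for Project Promo Pages and Long Screenshots runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops One-Click Generator for Project Promo Pages and Long Screenshots?

It is developed and maintained by kunyashaw (@kunyashaw); the current version is v0.1.3.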
